dffdab50e95ce0ffa0dc566766cf25c00c6bd54ebf42e39727629d7d7fe9137a | Triage

Sharing

General

Target

dffdab50e95ce0ffa0dc566766cf25c00c6bd54ebf42e39727629d7d7fe9137a.bin
Size

1.1MB
Sample

230505-ytcfrabe38
MD5

650047167f9d0a42da88c544621153ee
SHA1

63c13716ad678d6cc869115de73ff1f3e9c84c82
SHA256

dffdab50e95ce0ffa0dc566766cf25c00c6bd54ebf42e39727629d7d7fe9137a
SHA512

5080e3d670e6bd81fd606d6635a3f6ee5f214444c606c4cd916b7e7b6698870ff649f6c1c01c2f7dffedebf9cabe7abfebd8c5cf99155f85d8b05bb70a82f869
SSDEEP

24576:wyqTYFUo/uo+uI4Of3CwgAsBRe3U96Ihzzt3dlvEO7:31bWmIp1gAs7e3U96IpztPvEO

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  dffdab50e95ce0ffa0dc566766cf25c00c6bd54ebf42e39727629d7d7fe9137a.bin
- Size
  
  1.1MB
- MD5
  
  650047167f9d0a42da88c544621153ee
- SHA1
  
  63c13716ad678d6cc869115de73ff1f3e9c84c82
- SHA256
  
  dffdab50e95ce0ffa0dc566766cf25c00c6bd54ebf42e39727629d7d7fe9137a
- SHA512
  
  5080e3d670e6bd81fd606d6635a3f6ee5f214444c606c4cd916b7e7b6698870ff649f6c1c01c2f7dffedebf9cabe7abfebd8c5cf99155f85d8b05bb70a82f869
- SSDEEP
  
  24576:wyqTYFUo/uo+uI4Of3CwgAsBRe3U96Ihzzt3dlvEO7:31bWmIp1gAs7e3U96IpztPvEO
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2